Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/530933-5915-4ff2-b1f9-5010d05f99a8/1/aWaAP_Vq0N7VNyfThxzneJcXxno.roa
File:                     aWaAP_Vq0N7VNyfThxzneJcXxno.roa (raw, json)
Hash identifier:          IQHBW+5TT6AAb4/Jj/TJBNIIY4J0wU3h1uvbC15E3cU=
Subject key identifier:   69:66:80:3F:F5:6A:D0:DE:D5:37:27:D3:87:1C:E7:78:97:17:C6:7A
Certificate issuer:       /CN=7f58bc086412f4d2c54fa0702d92ce25496ce479
Certificate serial:       018CC8DE1ABF685C48B168D46CFF4DCB5AA7
Authority key identifier: 7F:58:BC:08:64:12:F4:D2:C5:4F:A0:70:2D:92:CE:25:49:6C:E4:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1i8CGQS9NLFT6BwLZLOJUls5Hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/530933-5915-4ff2-b1f9-5010d05f99a8/1/aWaAP_Vq0N7VNyfThxzneJcXxno.roa
Signing time:             Tue 02 Jan 2024 06:30:48 +0000
ROA not before:           Tue 02 Jan 2024 06:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        91.205.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/530933-5915-4ff2-b1f9-5010d05f99a8/1/f1i8CGQS9NLFT6BwLZLOJUls5Hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/530933-5915-4ff2-b1f9-5010d05f99a8/1/f1i8CGQS9NLFT6BwLZLOJUls5Hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1i8CGQS9NLFT6BwLZLOJUls5Hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:1a:bf:68:5c:48:b1:68:d4:6c:ff:4d:cb:5a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f58bc086412f4d2c54fa0702d92ce25496ce479
        Validity
            Not Before: Jan  2 06:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6966803ff56ad0ded53727d3871ce7789717c67a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:99:9c:6b:21:ea:bc:e4:ae:5e:60:ab:b2:ef:
                    5a:09:d8:c1:35:85:3d:1f:2e:d3:23:28:c5:94:a2:
                    bf:f5:d2:1e:11:7e:b8:64:49:53:b9:e9:78:08:6c:
                    16:5f:a7:91:ef:03:54:08:0d:70:f7:b5:3e:6e:99:
                    e5:cd:44:f9:fb:b5:63:db:a0:58:cb:24:8a:74:fa:
                    5f:37:15:98:5c:fd:84:28:1c:e9:32:70:f9:47:12:
                    26:42:8a:e8:95:06:46:df:e4:64:1a:81:06:bc:5a:
                    3d:6c:55:67:b1:cd:ba:6d:60:8e:05:76:f5:5b:47:
                    8b:9e:5b:fe:96:88:5e:e3:1e:59:5d:83:0f:3b:54:
                    e5:50:71:d6:a6:82:e3:9c:6c:a9:0c:87:17:71:ab:
                    28:13:95:09:71:5d:0f:b7:0b:10:15:36:dc:55:82:
                    15:80:75:87:12:93:f0:91:87:f0:b1:de:72:11:8f:
                    70:2f:3a:89:38:05:c3:49:46:80:9d:df:96:0e:25:
                    29:77:80:fb:76:f0:18:1b:49:65:dd:27:11:ca:3d:
                    43:b3:aa:86:d2:3a:af:7c:e1:4b:96:e4:86:27:e9:
                    ed:18:02:ec:39:b2:7c:27:df:34:9f:b0:ad:6e:0f:
                    e7:b1:30:2a:76:68:4a:a8:e8:09:f6:f8:73:06:38:
                    64:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:66:80:3F:F5:6A:D0:DE:D5:37:27:D3:87:1C:E7:78:97:17:C6:7A
            X509v3 Authority Key Identifier:
                keyid:7F:58:BC:08:64:12:F4:D2:C5:4F:A0:70:2D:92:CE:25:49:6C:E4:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1i8CGQS9NLFT6BwLZLOJUls5Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/530933-5915-4ff2-b1f9-5010d05f99a8/1/aWaAP_Vq0N7VNyfThxzneJcXxno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/530933-5915-4ff2-b1f9-5010d05f99a8/1/f1i8CGQS9NLFT6BwLZLOJUls5Hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:4a:66:59:a4:99:a4:a0:d2:1d:21:f3:d9:69:8c:4b:c7:48:
         b3:c1:06:56:f1:3f:ca:5b:e2:dd:61:f6:30:1a:52:f0:7b:73:
         54:c8:8d:cd:9e:cd:81:48:7f:b5:58:37:80:e3:84:d0:e9:34:
         8c:69:64:bb:1e:01:c8:7e:19:39:8c:01:70:40:67:6c:57:34:
         a6:c4:54:04:c4:1d:1f:b4:a0:da:8d:f4:8b:52:3c:c4:48:68:
         26:1f:b0:8f:64:43:db:62:7c:fd:9a:80:bd:67:09:d5:92:52:
         20:31:66:52:58:d2:5b:d5:d9:ca:5c:b9:78:53:c0:a1:a0:d8:
         e1:16:54:52:c4:44:90:88:d0:cf:2a:35:de:b3:68:c0:c6:9f:
         19:52:84:a5:1d:45:06:c9:08:0d:b4:13:1a:82:00:23:9e:6a:
         cf:15:59:b5:2c:1b:39:20:46:5b:8c:db:0b:61:c4:3f:76:c2:
         1f:f7:57:5b:29:1c:0e:06:91:a5:16:84:9d:ef:02:61:f7:62:
         35:77:e2:18:57:10:1f:14:67:de:e4:b8:cd:c6:fe:94:fd:bc:
         a8:c5:62:40:4d:66:2e:6e:76:cf:dc:ad:0a:93:cf:3c:31:63:
         68:7f:e9:af:9d:fd:f5:7f:ca:c2:02:cf:0d:48:23:b9:4e:79:
         c8:a9:d2:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hq/aFxIsWjUbP9Ny1qnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNThiYzA4NjQxMmY0ZDJjNTRmYTA3MDJkOTJjZTI1NDk2
Y2U0NzkwHhcNMjQwMTAyMDYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTY2ODAzZmY1NmFkMGRlZDUzNzI3ZDM4NzFjZTc3ODk3MTdjNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5mcayHqvOSuXmCrsu9aCdjBNYU9
Hy7TIyjFlKK/9dIeEX64ZElTuel4CGwWX6eR7wNUCA1w97U+bpnlzUT5+7Vj26BY
yySKdPpfNxWYXP2EKBzpMnD5RxImQorolQZG3+RkGoEGvFo9bFVnsc26bWCOBXb1
W0eLnlv+lohe4x5ZXYMPO1TlUHHWpoLjnGypDIcXcasoE5UJcV0PtwsQFTbcVYIV
gHWHEpPwkYfwsd5yEY9wLzqJOAXDSUaAnd+WDiUpd4D7dvAYG0ll3ScRyj1Ds6qG
0jqvfOFLluSGJ+ntGALsObJ8J980n7Ctbg/nsTAqdmhKqOgJ9vhzBjhkjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlmgD/1atDe1Tcn04cc53iXF8Z6MB8GA1UdIwQY
MBaAFH9YvAhkEvTSxU+gcC2SziVJbOR5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFpOENHUVM5TkxGVDZCd0xaTE9KVWxzNUhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy81MzA5MzMtNTkxNS00ZmYyLWIxZjkt
NTAxMGQwNWY5OWE4LzEvYVdhQVBfVnEwTjdWTnlmVGh4em5lSmNYeG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy81MzA5MzMtNTkxNS00ZmYyLWIxZjktNTAxMGQwNWY5OWE4
LzEvZjFpOENHUVM5TkxGVDZCd0xaTE9KVWxzNUhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW819MA0G
CSqGSIb3DQEBCwUAA4IBAQBPSmZZpJmkoNIdIfPZaYxLx0izwQZW8T/KW+LdYfYw
GlLwe3NUyI3Nns2BSH+1WDeA44TQ6TSMaWS7HgHIfhk5jAFwQGdsVzSmxFQExB0f
tKDajfSLUjzESGgmH7CPZEPbYnz9moC9ZwnVklIgMWZSWNJb1dnKXLl4U8ChoNjh
FlRSxESQiNDPKjXes2jAxp8ZUoSlHUUGyQgNtBMaggAjnmrPFVm1LBs5IEZbjNsL
YcQ/dsIf91dbKRwOBpGlFoSd7wJh92I1d+IYVxAfFGfe5LjNxv6U/byoxWJATWYu
bnbP3K0Kk888MWNof+mvnf31f8rCAs8NSCO5TnnIqdLC
-----END CERTIFICATE-----